View Categories

Think Crew Security Overview

3 min read

Think Crew maintains enterprise-grade security through a multi-layered approach across all components of our infrastructure. Our platform leverages industry-leading hosting providers and implements security best practices to protect your data and ensure platform reliability.

Security Architecture #

HTTPS Encryption #

All Think Crew services use HTTPS encryption to secure data transmission between clients and servers. This industry-standard protocol ensures that all communications are encrypted in transit, protecting against eavesdropping and man-in-the-middle attacks.

Multi-Tier Infrastructure Security #

Think Crew’s security is built on three foundational layers:

  • Frontend Security (Dreamhost)
  • Backend API Security (Heroku)
  • Database Security (ObjectRocket)

Each layer implements specific security controls appropriate to its function while working together to create a comprehensive security posture.

Frontend Security (Dreamhost) #

Core Security Features #

Dreamhost provides our security certificate, automated backups, DDoS protection, and malware scanning for all hosted websites. The platform automatically installs and renews SSL certificates powered by Sectigo DV.

Web Application Protection #

Dreamhost provides our Web Application Firewall (WAF) that protects websites from common attacks, such as SQL injection and cross-site scripting (XSS). Additionally, they use Lua-resty-waf, an open-source project that combines Nginx services, Lua interpreter, and JIT compiler for advanced protection.

Additional Security Measures #

  • DreamShield: DreamHost’s own malware remover, made by the company’s in-house security engineers, which performs weekly scans and provides malware removal
  • Domain Privacy: A default free security service that hides personal information from the public WHOIS database
  • Multi-Factor Authentication: Support for Google Authenticator app or YubiKey protection for login credentials

Infrastructure Security #

DreamHost provides robust digital security tools, including SSL, daily data backups, and web application firewalls. The platform maintains a 100% uptime guarantee backed by compensation for any downtime.

Backend API Security (Heroku) #

Platform-Level Security #

Heroku applies security best practices and manages our platform security, with security controls at every layer from physical to application, isolating customer applications and data. The platform is designed to rapidly deploy security updates without customer interaction or service interruption.

Data Protection & Compliance #

Heroku maintains extensive compliance certifications:

  • ISO 27001/27017/27018: Certified against widely recognized international information security standards that specify security management best practices and comprehensive security controls
  • SOC 1, 2, and 3: Independent auditing of IT controls and security measures around availability, confidentiality and security of customer data
  • HIPAA & PCI Compliance: Heroku Shield provides additional security features for building HIPAA or PCI compliant applications

Access Control & Authentication #

Heroku offers Single Sign-On (SSO) integration with identity providers and mandatory Multi-Factor Authentication (MFA) as an effective way to increase protection against common threats like phishing attacks, credential stuffing, and account takeovers.

Infrastructure & Backup Protection #

Our API is automatically backed up as part of the deployment process on our secure, access controlled, and redundant storage. The platform utilizes ISO 27001 and FISMA certified data centers managed by Amazon with extensive physical security controls.

Private Network Isolation #

Heroku Private Spaces provide network isolated environments with additional trust controls including keystroke logging for production access auditing, space-level logging, encryption at rest for ephemeral data, and strict TLS enforcement.

Database Security (ObjectRocket) #

Core Security Controls #

Our ObjectRocket clusters come with SSL encryption, ACLs/IP whitelisting, user authentication, and container-based isolation. The platform also offers encryption at rest as an optional setting for customers that want an extra layer of security.

High Availability & Data Protection #

ObjectRocket offers sharded and replica MongoDB instances in 3 member replica sets for data redundancy and fault tolerance. Each instance is protected by replication, and should any component fail, the replica set architecture provides primary level high availability and fault tolerance.

Backup & Recovery #

Backups are taken daily with a default retention period of two weeks. ObjectRocket retains instance data for up to 24 hours in the event an instance was accidentally deleted, providing additional protection against data loss.

Performance & Isolation #

ObjectRocket uses single-tenant clusters with dedicated containers running on high performance hardware with PCI Express flash storage, ensuring both security isolation and optimal performance.

Shared Responsibility Model #

Think Crew’s security follows industry-standard shared responsibility principles:

Think Crew’s Responsibilities #

  • Maintaining secure infrastructure configurations
  • Implementing security updates and patches
  • Monitoring for security threats and vulnerabilities
  • Ensuring data backup and recovery capabilities
  • Managing access controls and authentication systems

User Responsibilities #

  • Using strong, unique passwords
  • Following secure coding practices in applications
  • Reporting suspected security incidents promptly
  • Keeping local systems and browsers updated

Incident Response #

In the event of a security concern:

  1. Report immediately to our support team at support@thinkcrew.com
  2. Document any suspicious activity or potential security indicators
  3. Preserve any relevant evidence
  4. Follow any additional guidance provided by our team

Compliance & Certifications #

Through our hosting partners, Think Crew benefits from multiple compliance frameworks:

  • ISO 27001/27017/27018 (Information Security Management)
  • SOC 1, 2, and 3 (Service Organization Controls)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • GDPR (General Data Protection Regulation) compliance support

Regular Security Practices #

Continuous Monitoring #

  • 24/7/365 infrastructure monitoring across all tiers
  • Automated security scanning and threat detection
  • Regular security assessments and penetration testing

Updates & Maintenance #

  • Automatic security patches and updates
  • Regular infrastructure security reviews
  • Proactive vulnerability management

Data Protection #

  • Encryption in transit (HTTPS/TLS)
  • Regular automated backups with secure storage
  • Data redundancy and fault tolerance

Contact Information #

For security-related questions or to report security concerns: support@thinkcrew.com

Updated on July 8, 2025
access-control

What are your Feelings

  • Happy
  • Normal
  • Sad

Leave a Reply

Your email address will not be published. Required fields are marked *